.pipelines/nightly.yaml

trigger: none

pr: none

schedules:
  - cron: "0 0 * * *"
    always: true
    displayName: "Nightly Test"
    branches:
      include:
        - main

pool: staging-pool

jobs:
  - job: scan_images
    timeoutInMinutes: 30
    workspace:
      clean: all
    steps:
      - template: templates/scan-images.yaml
  - job: verify_deployment_yaml
    timeoutInMinutes: 30
    workspace:
      clean: all
    variables:
      # contains the following environment variables:
      # - AZURE_TENANT_ID
      # - SERVICE_ACCOUNT_ISSUER
      - group: e2e-environment-variables
      - name: OUTPUT_TYPE
        value: "type=docker"
    steps:
      - script: |
          openssl genrsa -out sa.key 2048
          openssl rsa -in sa.key -pubout -out sa.pub
          make kind-create
        displayName: Create a kind cluster
        env:
          SKIP_PREFLIGHT: "true"
          SERVICE_ACCOUNT_ISSUER: $(SERVICE_ACCOUNT_ISSUER)
      - script: |
          # build the same image as the one in the deployment YAML
          # then load it into the kind cluster
          make docker-build kind-load-images
        displayName: Build the webhook image
        env:
          ALL_IMAGES: webhook
          ALL_LINUX_ARCH: amd64
          OUTPUT_TYPE: type=docker
      - script: |
          # deploy the webhook, wait for it to
          # be ready, then uninstall it
          make deploy uninstall-deploy
        displayName: Verify deployment YAML in manifest_staging/
        env:
          AZURE_TENANT_ID: $(AZURE_TENANT_ID)
          DEPLOYMENT_YAML: true
      - script: make kind-delete
        displayName: Cleanup
        condition: always()
  - job:
    timeoutInMinutes: 60
    dependsOn:
      - scan_images
      - verify_deployment_yaml
    workspace:
      clean: all
    variables:
      # contains the following environment variables:
      # - APPLICATION_CLIENT_ID
      # - AZURE_TENANT_ID
      # - KEYVAULT_NAME
      # - KEYVAULT_SECRET_NAME
      - group: e2e-environment-variables
      - name: REGISTRY
        value: upstream.azurecr.io/azure-workload-identity
      - name: SOAK_CLUSTER
        value: "true"
    strategy:
      matrix:
        soak_aks_windows_dockershim:
          WINDOWS_CLUSTER: "true"
          GINKGO_SKIP: \[LinuxOnly\]
          CLUSTER_NAME: "azwi-aks-win-dockershim"
        soak_aks_windows_containerd:
          WINDOWS_CLUSTER: "true"
          GINKGO_SKIP: \[LinuxOnly\]
          CLUSTER_NAME: "azwi-aks-win-containerd"
        soak_aks_linux:
          CLUSTER_NAME: "azwi-aks-linux"
        soak_arc:
          ARC_CLUSTER: "true"
          CLUSTER_NAME: "azwi-aks-arc"
          GINKGO_SKIP: \[Exclude:Arc\]
    steps:
      - script: make test-e2e
        displayName: Webhook E2E test suite
        env:
          APPLICATION_CLIENT_ID: $(APPLICATION_CLIENT_ID)
          AZURE_TENANT_ID: $(AZURE_TENANT_ID)
          KEYVAULT_NAME: $(KEYVAULT_NAME)
          KEYVAULT_SECRET_NAME: $(KEYVAULT_SECRET_NAME)
      - template: templates/publish-logs.yaml
  - template: templates/upgrade.yaml
    parameters:
      dependsOn:
        - scan_images
        - verify_deployment_yaml
      matrix:
        upgrade_aks_windows_dockershim:
          WINDOWS_CLUSTER: "true"
          GINKGO_SKIP: \[AKSSoakOnly\]
        upgrade_aks_windows_containerd:
          WINDOWS_CLUSTER: "true"
          WINDOWS_CONTAINERD: "true"
          GINKGO_SKIP: \[AKSSoakOnly\]
        upgrade_aks_linux:
          GINKGO_SKIP: \[AKSSoakOnly\]
        upgrade_arc:
          ARC_CLUSTER: "true"
          GINKGO_SKIP: \[AKSSoakOnly\]
  - job:
    timeoutInMinutes: 60
    dependsOn:
      - scan_images
      - verify_deployment_yaml
    workspace:
      clean: all
    variables:
      # contains the following environment variables:
      # - APPLICATION_CLIENT_ID
      # - AZURE_TENANT_ID
      # - KEYVAULT_NAME
      # - KEYVAULT_SECRET_NAME
      # - SERVICE_ACCOUNT_ISSUER
      # - SERVICE_ACCOUNT_KEYVAULT_NAME
      - group: e2e-environment-variables
      - name: LOCAL_ONLY
        value: "true"
      - name: TEST_HELM_CHART
        value: "true"
    strategy:
      matrix:
        kind_v1_22_9:
          KIND_NODE_VERSION: v1.22.9
        kind_v1_23_6:
          KIND_NODE_VERSION: v1.23.6
        kind_v1_24_2:
          KIND_NODE_VERSION: v1.24.2
    steps:
      - script: make test-e2e
        displayName: Webhook E2E test suite
        env:
          APPLICATION_CLIENT_ID: $(APPLICATION_CLIENT_ID)
          AZURE_TENANT_ID: $(AZURE_TENANT_ID)
          KEYVAULT_NAME: $(KEYVAULT_NAME)
          KEYVAULT_SECRET_NAME: $(KEYVAULT_SECRET_NAME)
          SERVICE_ACCOUNT_ISSUER: $(SERVICE_ACCOUNT_ISSUER)
          SERVICE_ACCOUNT_KEYVAULT_NAME: $(SERVICE_ACCOUNT_KEYVAULT_NAME)
      - template: templates/publish-logs.yaml